The Day That Guccifer 2.0 Quit Hacking The DNC

Via Disobedient Media 

Disobedient Media recently reported on discoveries made by the Forensicator in their report, Media Mishaps: Early Guccifer 2 Coverage. In our previous coverage of the Forensicator's work, we discussed the essential role played by the media in ensuring that the Guccifer 2.0 persona received wide recognition by successfully linking Guccifer 2.0’s documents with the DNC’s claims that Russian state-sponsored hackers had breached their servers.

This report will focus on an unreported story:  After the fact, the DNC quietly changed an important theme in their Russian hacking narrative. Initially, the DNC passively supported the notion that Guccifer 2.0 stole a copy of a Trump opposition report by penetrating the DNC at the behest of the Russian state. Then over a year later, an un-named ex-DNC official tells us that this document in fact came from Podesta’s emails, not the DNC. This single statement by a DNC official invalidated the circumstantial evidence that had been used to support the DNC’s Russian hacking claims, and represents a groundbreaking contradiction that has gone unobserved by establishment press outlets.

This report will also discuss numerous mistakes made by various legacy press outlets in their obsessive focus on the Russian hacking narrative and their rush to judgment in the matter.

A Late (and Quiet) Change in the DNC Russian Hacking Narrative

In November 2017, the DNC changed their Russian hacking narrative via their proxies in the legacy media.  The Associated Press published, Inside story: How Russians hacked the Democrats’ emailsthey cite an anonymous former DNC official who asserts that Guccifer 2.0’s first document (the Trump opposition report) did not originate in the DNC as initially reported. The importance of this contradiction, combined with earlier allegations of hacking the DNC made by Guccifer 2.0, cannot be overstated.

The Associated Press wrote in November 2017:

“…There were signs of dishonesty from the start. The first document Guccifer 2.0 published on June 15 came not from the DNC as advertised but from Podesta’s inbox, according to a former DNC official who spoke on condition of anonymity because he was not authorized to speak to the press.”

By classifying Guccifer 2.0’s claim to have obtained the Trump Opposition Report through a breach of the DNC as a sign of dishonesty, the Associated Press uses the Guccifer 2.0 persona’s widely held claim as an example of contradiction with their new version of the 'official' Russian hacking narrative. In so doing, the AP makes the hacking allegations entirely nebulous: a fantasy narrative that can be neither proven nor disproven but easily edited and rearranged when convenient. Incredibly, the AP’s article also contradicts the claims made by the DNC themselves, and so-called papers of record, including the Washington Post.

By returning to the genesis of the Russian hacking narrative, we find that the AP's November report runs contrary to the DNC's initial claims, as reported by The Washington Post, in an article titled, Russian Government Hackers Penetrated DNC, Stole Opposition Research On Trump. When reviewing this early history of the matter, it becomes clear that it is logically impossible to separate the Guccifer 2.0 persona from the allegations of a Kremlin-backed hack of the DNC. Critical statements in that initial report by the Washington Post are highlighted below for emphasis:

“Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP Presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach…

…[Fancy Bear] broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files,[Shawn] Henry said.”

By taking this later (2017) stance, the Associated Press contradicts the "official" Russian hacking narrative involving Guccifer 2.0 (as implied by the DNC’s own security firm) and which had, until that point, been characterized by the corporate press as Russian-hacking-gospel-truth. By seamlessly excising Guccifer 2.0 from culpability within a new timeline of events, the Associated Press makes the entire hacking story a fantasy narrative that can be neither proven nor disproven but must not be questioned.

The Forensicator explained to Disobedient Media:

"Investigators would have been able to rapidly determine if there were textual differences between Guccifer 2.0’s document and the DNC’s. If there were no textual differences, an initial determination might have been difficult, because Guccifer 2.0 went to some trouble to obscure internal metadata, known as Revision Save ID’s (RSID’s), which can be used to uniquely identify sections of text that have been changed and added into a Word document. However, when the Podesta emails were published in October 2016, investigators should have been able to source Guccifer 2.0’s document to the Podesta emails quickly. They would have been able to do this before the 2016 election, a full year ahead of the AP report." [Emphasis Added]

The Forensicator then referred this author to a table in his report, depicting the metadata for Podesta’s version of the Trump opposition report:

Description: g2-trump-report-orig-metadata

As we can see, the document was saved by Tony Carrk, who worked as Research Director for Hillary for America at the time. This document was attached to this Podesta email.

Description: g2-carrk-to-podesta-emai

The Forensicator continued, saying: "We can see that Mr. Carrk made some change that took less than one minute to complete. If investigators compared Carrk’s version of the document to the original DNC document, they should have been able to quickly determine that Guccifer 2’s document is sourced from Podesta’s emails and not directly from the DNC.  For this, an RSID correlation would have probably been telling."

Why did the DNC, their security consultant firm Crowdstrike, and government investigators wait so long to tell us that Guccifer 2.0 did not obtain their copy of the Trump opposition report directly from the DNC? Why did
Crowdstrike tell the Washington Post that the opposition report files had been stolen specifically from the DNC network if that were not the case?

The legacy press chorus had initially linked Guccifer 2.0’s first document, and the “Russian fingerprints” therein to the Trump opposition report that the DNC claimed to have been stolen by Russian state-sponsored hackers. What prompted them to change their story, contradicting not only Guccifer 2.0 but the DNC themselves? Should we now assess the DNC’s claim that the document had been taken by Russian hackers to be untrue? 

Ultimately, it is the DNC’s claim that they were breached by Russian hackers, who stole the Trump opposition report, which directly belies their allegation - because the document did not come from the DNC, but from John Podesta’s emails.

Is it possible that Mueller’s investigation may have taken a closer look into the origin of Guccifer 2.0’s initial document, realizing that it was sourced from Podesta’s email?  The DNC and government investigators may have then decided that the best way to obscure the resulting contradictory evidence was by letting it quietly leak via a “former DNC official who spoke on the condition of anonymity,” in the November 2017 article published by the Associated Press.

Given the repeated contradictions from the DNC and corporate media in their description of Russian interference in the 2016 US Presidential race, how can the public be expected to believe that their other claims have any legitimacy whatsoever?

The AP’s November 2017 article also noticed that Guccifer 2.0’s first published document contained the word CONFIDENTIAL, while the original document did not. This was old news to anyone who had been paying attention;
Adam Carter analyzed this artifact nine months earlier:

Description: g2-carter-notes-confidential

What is interesting here is that the AP admits that such elements of the document's publication had been fabricated, but did not then follow that realization by questioning other possibly fabricated elements of the documents, such as the Russian-language error messages. The AP certainly did not concern themselves with why a Russian state-sponsored hacker would benefit from airbrushing "confidential" onto such a report.  Their claim that it was to attract media attention seems quite weak.

AP surmised that Guccifer 2.0 "air-brush[ed]" the word "confidential" into the document to "catch the reporter's attention.” Both Carter and the Forensicator have explained that Guccifer 2.0 used a complex process, involving an intermediate template document, to inject this "alluring" fake. The Forensicator told this author that they take the position that this intermediate template file (ostensibly needed to add "CONFIDENTIAL" to the document) had an additional purpose.

The Forensicator explained that, for some readers and researchers, the copy/paste of an intermediate (RTF) copy of the Trump opposition report into a template document might be interpreted simply as an unconventional method for injecting "confidential" into 1.doc. However, the Forensicator added, it can also be interpreted as a "cover" for the final copy/paste operation which was a necessary step in the evolution of Guccifer 2.0’s first document. It was needed to embed the Russian error messages into the final document (1.doc). 

Once again, establishment media failed to pursue their cited evidence with due diligence. This is a grave mistake, especially given the way in which Guccifer 2.0's alleged 'hacking' has been used as a major bolstering point for increased tensions between the United States and Russia.

Initially, Gawker and The Smoking Gun Didn't Notice Iron Felix

Guccifer 2.0 made his noisy debut on June 15, 2016 (the day after the DNC publicly claimed it had been breached by Russian state-sponsored hackers). It also appears that Guccifer 2.0 gave advanced copies of their doctored version of the Trump opposition report to two media outlets, The Smoking Gun and Gawker.

In their full analysis, the Forensicator wrote that it was surprising that neither outlet reported on the easily viewed "Last Saved By" property, which listed "Феликс Эдмундович" (aka "Iron Felix") as the user who last saved the document.  This unique name was noticed by various social media observers that same day and by Ars Technica the following day.  How did the journalists miss this, and why?

Initially, Gawker and The Smoking Gun Didn't Notice the Russian Error Messages

Both Gawker and The Smoking Gun published Guccifer 2.0's Trump opposition report in full as a PDF file.  Their PDF files have the now infamous Cyrillic error messages in them; they appear in the last few pages of their PDF files.  Ars Technica dubbed these error messages, "Russian fingerprints."

Although both outlets reviewed this document in some detail, neither outlet noticed the Russian error messages in their first reports. The Forensicator suggests that, given their choice of word processing applications, they would have seen the Russian error messages, if only they had viewed the last few pages of each file. That is, unless (perhaps) they received their PDF's directly from Guccifer 2.0 or another third party and they just passed them along.

Ars Technica was Confused When They Didn't See the Russian Error Messages in Guccifer 2.0's Word Document

Ars Technica reported on Guccifer 2.0's publication of the Trump Opposition Report the day after Guccifer 2.0 arrived on the scene. They quickly noted that there were Russian language error messages in the PDF file posted by Gawker. They also noticed that when they viewed 1.doc themselves, they didn't see the Russian error messages. The Forensicator told Disobedient Media that this was because Ars Technica used Word for Windows, which displayed the error messages in English.

Ars Technica suggested that The Smoking Gun's PDF may have been generated by Guccifer 2.0 on a system that had Russian language settings enabled.

Description: g2-ars-tech-leaker-wrote-pdf

While this explanation appears reasonable, it is surprising (if that was the case) that Gawker didn't tell us that their PDF came directly from Guccifer 2.0. The Smoking Gun also published a PDF with Russian error messages in it. Are we to believe that The Smoking Gun also received their PDF from Guccifer 2.0 or a third party, and failed to report on this fact?

IVN: Did Gawker Outsource Their Analysis to Russia?

An obscure media outlet, Independent Voter Network, raised various theories on the initial reporting done by The Smoking Gun and Gawker. One of their wilder theories suggested that Gawker had outsourced their analysis to a Russian sub-contractor. The Forensicator evaluated that claim, ultimately concluding that Independent Voter Network had gone on a wild goose chase because the "clue" they followed pointed to Gawker's document management service known as “DocumentCloud.” DocumentCloud uses a technology that they call "CloudCrowd," which is what IVN saw in the PDF that Gawker uploaded. The Forensicator referred to a DocumentCloud job advertisement for confirmation of his conclusion.

Description: g2-gawker-cloud-crowd

The Forensicator told Disobedient Media: "We found CloudCrowd; it is not an outsourcing company. Probably not Russian, either."

Business Insider: Did Guccifer 2.0 Photoshop “Confidential” Into his Document Screenshots?

When Business Insider noted the presence of "CONFIDENTIAL" in Guccifer 2.0's document, they claimed that Guccifer 2.0 might have “photoshopped” his screenshots (placed on his blog site) to create the watermark and page footer with “confidential” in them.

Description: g2-bi-20171103-1-doc-photoshopped

Description: g2-bi-20171103-1-doc-altered-screenshots

The Forensicator countered that claim by pointing out that the Business Insider journalist likely viewed the document with "Full-Screen Reading" selected.

Description: g2-bi-20171103-full-screen-mode

This mode will disable the display of the watermark and page headers and footers when viewed by the journalist, but they will be displayed when printed to PDF. No Photoshop required.


The close timing of the DNC announcement and Guccifer 2.0’s publication of the Trump report, as well as reports of “Russian fingerprints” in those documents, created a strong link between Guccifer 2.0 and the Russian hackers who allegedly stole DNC files. Over a year later, the Associated Press tells us that this first narrative was wrong, contradicting the DNC’s claims as well as much of the early legacy press reports on the issue. Must we concurrently accept the narrative that Russians hacked the DNC if claims that they had done so were not only based on flimsy evidence but have now been contradicted completely?

As far as documented evidence of election interference goes, one does not have to stray far from the actors in the Russian hacking saga to discover that the DNC and establishment Democrats were, instead of victims of meddling, the perpetrators of such abuse of the American Democratic process. In 2017 the NYC Board of Elections admitted that it had illegally purged hundreds of thousands of Democratic voters from the election roles, preventing them from voting in the 2016 Democratic primaries. This abuse of power represents just one in a constellation of legitimate examples of abuse that took place at the hands of corporatized Democrats in order to unfairly and illegally ensure a Clinton nomination.



chubbar Mareka Thu, 05/24/2018 - 07:34 Permalink

You can go ahead and show a complicated timeline that outlines in detail how these Dems are lying pieces of shit OR you can just lay out the following, which is enough to convince anyone capable of thinking past a 4th grade level.

The DNC claims they were hacked but would not turn over the servers which would prove this charge. That's it in a nutshell. Anyone who is assaulted is happy to prove it so that they can get resolution, just apparently not the DNC. I don't need any more proof that these assholes are lying than that fact.

In reply to by Mareka

honest injun Wed, 05/23/2018 - 18:57 Permalink

This is too complicated for the average demon rat nitwit to follow.  They don't want to know this so showing them facts has to be dumbed down. Otherwise, all new revelations will be ignored. 

Arctic Frost SPONGE Wed, 05/23/2018 - 23:18 Permalink


And I HAD to log in to correct the both of you. This doesn’t dispute the leak narrative at all. Go back. Reread it. It’s deep but it’s clear. Short explanation: SOMEONE created a false footprint so it could be used as an explanation as to how the DNC servers got accessed. Then they realized they screwed it up and adjusted the story but left a public paper trail. What does that have to do with Seth? 


Remember, multiple things were happening. 

In reply to by SPONGE

Arctic Frost Bay of Pigs Wed, 05/23/2018 - 23:14 Permalink


You’re too lost in your anger of what you believe was done to Seth Rich to understand what it is they’re describing here. This is the explanation against the “Proof of the Russian Narrative.” A narrative that needed a creation. Whether it was needed to react to the Wikileaks dump or to set the pattern of a “threatened Trump by Russia thus susceptible to collusion” as an insurance policy or most likely both. 


What do you think happened? IF someone leaked all that information, the DNC just sat back and didn’t try to cover tracks nor create a “narrative”? They just let it stand then they went out and killed Seth Rich and THAT alone would cover the story? Are you serious? The deep state aren’t stupid, they knew the top tier of technical investigators would jump at the chance to discover what happened. They started down a path they then had to abandon and in that abandon they left a public paper trail. 


The DNC had hoped to use Crowdstrike to cover up everything. But a foot print is a foot print is a foot print. Whether left in the dust from the scene of a murder or left in data for all to see by those who connect the dots, and what they describe here is a publicly found foot print on top of a false foot print. Now ask yourself, WHY would they have to create a false foot print? Perhaps because some boy felt patriotic enough to stand up for his country? That’s not addressed here, that’s for the rest of us to figure out.



In reply to by Bay of Pigs

chubbar Arctic Frost Thu, 05/24/2018 - 07:40 Permalink

An interesting aside to note here, I read an article 2 days ago with the following facts. Don't have the link but you can probably find it on a search engine or go to and scroll down to it.

Anyway, it has come out that the DNC cut checks to Crowdstrike the day after Seth Rich was murdered and the day after the guy who filed a lawsuit against the DNC turned up dead of a heart attack. One was in the 90K range and the other in the 110K range.

Just an interesting tidbit, doesn't prove any connection but it does seem odd.

In reply to by Arctic Frost

d3fi4nt chubbar Thu, 05/24/2018 - 08:20 Permalink

Interestingly, Guccifer 2.0 (who I suspect of being operated by 2 CrowdStrike executives) seems to have been accessory after the fact in relation to Seth's murder (by lying about Seth and providing false information that will have interfered with investigations)

In addition to this... Guccifer 2.0 hardly ever sought information from people, however, one critical exception to this was in the case of the DNC Fraud lawsuit - where Guccifer 2.0 asked Cassandra Fairbanks (of Big League Politics) various questions about the lawsuit, about who was involved, etc.

Guccifer 2.0 sought details about what Shawn Lucas was involved in and tried to attribute himself to Seth as a means of discrediting/undermining Seth ahead of any potential disclosure.

In reply to by chubbar

d3fi4nt Arctic Frost Thu, 05/24/2018 - 08:12 Permalink

Thank you.

Indeed, what Forensicator has looked at has primarily been Guccifer 2.0 and evidence surrounding that persona (and this article is very much a G2 focused piece). 

The only time Seth Rich had any connection to G2 was through claims made by Guccifer 2.0 in mid-late August 2016 via Twitter DMs to Robbin Young (and those claims were likely to have been CrowdStrike trying to "poison the well" in anticipation of Seth potentially being named as a source... Assange was due to be interviewed by Fox News on that same day and many were expecting Assange to divulge the source).

Seth seeming to have been a source isn't being disputed and dismantling Guccifer 2.0 is likely to be a step towards getting justice for Seth.

Forensicator (and others investigating G2) avoid mentioning Seth Rich constantly because it makes them targets quickly and makes it harder to get all the critical technical information out as it'll only attract efforts from the DNC's array of reputation management entities trying to smear or have investigators, analysts and reporters censored.

While Seth may not be getting mentioned, exposing those behind Guccifer 2.0 can inherently reveal who likely recorded Seth's activity but never reported it publicly, has shown signs of knowing about what had been leaked (aside from the Podesta emails) this was something Guccifer 2.0 demonstrated knowledge of 4 days prior to Seth's murder.  Also, as mentioned above, we have an incident that effectively makes Guccifer 2.0 accessory after the fact.

With regards to the evidence being disjointed/fragmented - this is true but it's only because of how different sub-topics and evidence have been handled and emerged over time - and by different people.  I have to take responsibility for failing to communicate discoveries and evidence effectively.

I am working to address this in a new article that will lay everything out more clearly and concisely and that will only feature the conclusions/summaries of evidence/studies/analysis (these will link to all the technical details for those that want to drill down further to the original articles) and I'm hoping this will make everything easier to understand.

(Disclosure:  I'm Adam Carter)

In reply to by Arctic Frost

DrLucindaX Wed, 05/23/2018 - 19:10 Permalink

Really good work and reporting here that will never be understood by the masses. Everything that's going on is far too complex, too many moving parts, too much compartmentalization. Trump is doing a good job dumbing it down. 

Justapleb Wed, 05/23/2018 - 19:54 Permalink

So the DNC announced Russia hacked them, and "proved" it with a file they say was stolen.

But that file was not the DNC's.   So the "proof" of Russia hacking the DNC is nonexistent.   


Gotta dumb it down.  

any_mouse Justapleb Wed, 05/23/2018 - 22:23 Permalink

That is what I understood in the opening statements.

Then they kept going and by the end I was not sure what the conclusion was, or if there was a conclusion at all.

I know both National Committees are corrupt and not serving the voters interests.

The point is not whether by hack or leak or by Russians.

The point is the trail of corruption that is in evidenced in the emails and the cover up.

Collusion between the DNC and the DOJ to affect the outcome of an election and then to attack the Office of POTUS post election.

In reply to by Justapleb

Arctic Frost any_mouse Thu, 05/24/2018 - 10:05 Permalink


What I find terrifying is the revelation of all these actions on the parts of multiple people in multiple ways through multiple types of manipulation is painting a terrifying picture of a group having much more sinister plans than the simple removal of Trump. I can’t get Obama’s speech to the UN out of my head where he expressed how Americans would have to start giving up their rights for the sake of safety. What the hell were these people going to do to affect our “safety” to convince us to give up our rights? 

In reply to by any_mouse

JailBanksters Wed, 05/23/2018 - 19:59 Permalink

I'd like to see all these morons put on a Polygraph, the needle is going to swinging so hard it will break the needle but should answer the question about being guilty.


TeraByte Thu, 05/24/2018 - 00:02 Permalink

Without an access to DNCs HDDs an entire sequence of "hacking", is based on speculation only. If "the victim" is not prepared to cooperate and release such evidence , you really cannot take their allegations seriously.

Kendle C Thu, 05/24/2018 - 08:29 Permalink

The DNC won't exist in three years, the Clinton Foundation will be a scandalous, nearly unbelievable, book on the best seller list. Trump gets re-elected and all non-profits will be taxed and most NGO's will be booted the hell out, sort of a McCarthy Inquisition will be ongoing to the satisfaction of the former middle class, banker, oligarch, chairmen will hang with the 911 conspirators on the spikes of said memorial. Finally, lobbying will be eliminated, elections won't pay think tanks or media companies. Five distinct TV channels specifically for each remaining political party is where all campaigning will be done. The CIA and the Neocons caput.

Arctic Frost Kendle C Thu, 05/24/2018 - 10:30 Permalink


Once upon a time, there was a dream. It was called America and the people loved this dream. They believed in this dream, they lived this dream and some people gave their lives for this dream, it was a beautiful dream. Then one day, people started getting spoiled by this dream. They felt the dream was only meant for them and not for everyone. They proceeded to manipulate the dream to serve only them. They were called the Gobbler’s as they gobbled everything up for themselves. 

Meanwhile, everyone else was so happy and so content living the dream they didn’t notice the Gobblers going here and going there dismantling the dream. The Gobblers were keeping just enough of the dream together to fool all the people who loved the dream. The Gobblers became more and more intrusive, more and more manipulating and more and more powerful and some of the people became afraid.

Many people could sense that something was going wrong with the dream, while others were fooled by the Gobblers and sang the Gobbler’s praises. Then one day an orange troll appeared. He was ugly, loud and silly. The Gobblers laughed at this orange troll and called him names. However, the people who were frightened of the Gobblers looked to the orange troll as a chance to fight the Gobblers. The Gobblers stopped laughing. The Gobblers rose their angry heads and they were ready to kill the troll.

The people didn’t know if this orange troll was a good troll or a bad troll. But they did know the Gobblers did not like this troll. No, the Gobblers hated this troll, so the frightened people stood behind the troll and gave him weapons to fight the Gobblers. Can the frightened people count on this orange troll? Will the orange troll save them? Will they keep supporting the orange troll? Will the orange troll really fight the Gobblers? Will the people live happily ever after? 

In reply to by Kendle C

cheech_wizard Arctic Frost Thu, 05/24/2018 - 11:08 Permalink

and along came a black swan and nuked Washington D.C. where the majority of the Gobblers lived, and the people did live happily ever after, except those in California, because they had learned to embrace socialism and were happy to have the few remaining Gobblers that had escaped the destruction of Washington D.C. stomp forever on their faces with heavy steel toed turkey boots.

Standard Disclaimer: I think we have a bestseller here. Just needs some more fleshing out, a splash of Bulwer-Lytton, and a lot more gravy.

In reply to by Arctic Frost